Vulnerabilities > Google > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-07-11 CVE-2016-3813 Information Exposure vulnerability in Google Android
The Qualcomm USB driver in Android before 2016-07-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28172322 and Qualcomm internal bug CR1010222.
local
low complexity
google CWE-200
5.5
2016-07-11 CVE-2016-3812 Information Exposure vulnerability in Google Android
The MediaTek video codec driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28174833 and MediaTek internal bug ALPS02688832.
local
low complexity
google CWE-200
5.5
2016-07-11 CVE-2016-3810 Information Exposure vulnerability in Google Android
The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28175522 and MediaTek internal bug ALPS02694389.
local
low complexity
google CWE-200
5.5
2016-07-11 CVE-2016-3809 Information Exposure vulnerability in Google Android
The networking component in Android before 2016-07-05 on Android One, Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus Player, and Pixel C devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 27532522.
local
low complexity
google CWE-200
5.5
2016-07-11 CVE-2016-3764 Improper Input Validation vulnerability in Google Android
media/libmediaplayerservice/MetadataRetrieverClient.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive pointer information via a crafted application, aka internal bug 28377502.
local
low complexity
google CWE-20
4.0
2016-07-11 CVE-2016-3761 Information Exposure vulnerability in Google Android
NfcService.java in NFC in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive foreground-application information via a crafted background application, aka internal bug 28300969.
local
low complexity
google CWE-200
4.0
2016-07-11 CVE-2015-8893 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal bug 28822690 and Qualcomm internal bug CR822275.
local
low complexity
google CWE-119
5.5
2016-07-11 CVE-2014-9798 Improper Access Control vulnerability in Google Android
platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service (OS outage) via a crafted application, aka Android internal bug 28821448 and Qualcomm internal bug CR681965.
local
low complexity
google CWE-284
5.5
2016-06-16 CVE-2012-6702 Cryptographic Issues vulnerability in multiple products
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
network
high complexity
libexpat-project google canonical debian CWE-310
5.9
2016-06-13 CVE-2016-2500 Information Exposure vulnerability in Google Android
Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not properly terminate process groups, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 19285814.
local
low complexity
google CWE-200
5.5